Testing white list mode

To ensure that Application Control rules do not block applications required for work, it is recommended to enable testing of Application Control rules and analyze their operation after creating new rules. When testing is enabled, Kaspersky Endpoint Security will not block applications whose startup is forbidden by Application Control rules, but will instead send notifications about their startup to the Administration Server.

When testing white list mode, it is recommended to perform the following actions:

1. Determine the testing period (ranging from several days to two months).
2. Enable testing of Application Control rules.
3. Examine the events resulting from testing the operation of Application Control and reports on test blocked runs to analyze the testing results.
4. Based on the analysis results, make changes to the white list mode settings.

   In particular, based on the test results, you can add executable files related to events of the Application Control component to an application category with content added manually.

Page top